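# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Find more information at:
# https://github.com/microsoft/msvc-code-analysis-action

name: Microsoft C++ Code Analysis

on:
  push:
    branches: [ "develop" ]
  pull_request:
    branches: [ "develop" ]
  schedule:
    - cron: '44 17 * * 1'

env:
  # Path to the CMake build directory.
  build: '${{ github.workspace }}/build'

# Default token scope for every job; the analyze job widens it below
# only for the scopes it actually needs.
permissions:
  contents: read

jobs:
  analyze:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    name: Analyze
    runs-on: windows-latest

    steps:
      # Referenced by major tag; the MSVC action below is pinned to a commit
      # SHA, which gives a reproducible, non-movable reference.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure CMake
        run: cmake -B ${{ env.build }}

      # Build is not required unless generated source files are used
      # - name: Build CMake
      #   run: cmake --build ${{ env.build }}

      - name: Initialize MSVC Code Analysis
        uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
        # Provide a unique ID to access the sarif output path
        id: run-analysis
        with:
          cmakeBuildDirectory: ${{ env.build }}
          # Ruleset file that will determine what checks will be run
          ruleset: NativeRecommendedRules.ruleset

      - name: Patch SARIF with unique categories
        shell: pwsh
        # The step output and build path are handed to the script through
        # environment variables instead of being expanded into the script
        # text, so their contents are always data and never PowerShell code.
        env:
          SARIF_PATH: ${{ steps.run-analysis.outputs.sarif }}
          BUILD_DIR: ${{ env.build }}
        run: |
          $ErrorActionPreference = 'Stop'
          $sarifPath = $env:SARIF_PATH
          $outputPath = Join-Path $env:BUILD_DIR 'results_fixed.sarif'

          if ([string]::IsNullOrEmpty($sarifPath) -or -not (Test-Path -LiteralPath $sarifPath)) {
            throw "SARIF file not found: '$sarifPath'"
          }

          $sarif = Get-Content -LiteralPath $sarifPath -Raw | ConvertFrom-Json
          # Wrap in an array: a SARIF file with a single run can deserialise
          # as one object rather than a one-element list.
          $runs = @($sarif.runs)

          for ($i = 0; $i -lt $runs.Count; $i++) {
            $run = $runs[$i]
            # Ensure 'properties' exists. It is created as a PSCustomObject
            # (not a hashtable) so that Add-Member below attaches a real
            # member that ConvertTo-Json will serialise.
            if ($null -eq $run.PSObject.Properties['properties'] -or $null -eq $run.properties) {
              $run | Add-Member -NotePropertyName 'properties' -NotePropertyValue ([pscustomobject]@{}) -Force
            }
            # Add or overwrite category. Add-Member -Force works whether
            # 'properties' came from the JSON (a PSCustomObject, which cannot
            # be indexed with ['category']) or was created just above.
            $run.properties | Add-Member -NotePropertyName 'category' -NotePropertyValue "run-$i" -Force
          }

          # NOTE(review): code scanning keys duplicate-run detection on
          # automationDetails.id; confirm run.properties.category is what the
          # uploader honours for this tool's output.
          $sarif | ConvertTo-Json -Depth 100 | Set-Content -LiteralPath $outputPath -Encoding utf8
          Write-Host "✅ Wrote patched SARIF to $outputPath"

      # Upload SARIF file to GitHub Code Scanning Alerts
      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ env.build }}/results_fixed.sarif

      # Upload SARIF file as an Artifact to download and view
      #- name: Upload SARIF as an Artifact
      #  uses: actions/upload-artifact@v4
      #  with:
      #    name: sarif-file
      #    path: ${{ steps.run-analysis.outputs.sarif }}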